Dev

docs/features/index.mdx

@@ -276,7 +276,7 @@ import { TopBanners } from "@site/src/components/TopBanners";
 
 - 🍻 **TavernAI Character Card Integration**: Experience enhanced visual storytelling with TavernAI Character Card Integration in our model builder. Users can seamlessly incorporate TavernAI character card PNGs directly into their model files, creating a more immersive and engaging user experience.
 
-- 🎲 **Model Playground (Beta)**: Try out models with the model playground area (`beta`), which enables users to test and explore model capabilities and parameters with ease in a sandbox environment before deployment in a live chat environment.
+- 🎲 **Model Playground (Beta)**: Try out models with the model playground area (`beta`), which enables users to test and explore model capabilities and parameters with ease in a sandbox environment before deployment in a live chat environment. Export your playground conversations in JSON format (compatible with Open WebUI chat import) or as plain text for easy sharing and documentation.
 
 ---
 

docs/features/pipelines/index.mdx

@@ -53,9 +53,9 @@ Integrating Pipelines with any OpenAI API-compatible UI client is simple. Launch
 
 ## ⚡ Quick Start with Docker
 
-:::warning
+:::danger ⚠️ Security Warning
 
-Pipelines are a plugin system with arbitrary code execution — **don't fetch random pipelines from sources you don't trust**.
+Pipelines are a plugin system with arbitrary code execution — **don't fetch random pipelines from sources you don't trust**. A malicious Pipeline could access your file system, exfiltrate data, mine cryptocurrency, or compromise your system. Always review Pipeline source code before installing. See the [Security Policy](/security) for more details.
 
 :::
 

docs/features/plugin/functions/index.mdx

@@ -11,6 +11,12 @@ Unlike external tools that may require complex integrations, **Functions are bui
 
 Think of Functions as **modular building blocks** that let you enhance how the WebUI works, tailored exactly to what you need. They’re lightweight, highly customizable, and written in **pure Python**, so you have the freedom to create anything—from new AI-powered workflows to integrations with anything you use, like Google Search or Home Assistant.
 
+:::danger ⚠️ Security Warning
+
+**Functions execute arbitrary Python code on your server.** Only install Functions from trusted sources. Before importing any Function, review its source code to understand what it does. A malicious Function could access your file system, exfiltrate data, or compromise your system. See the [Security Policy](/security) for more details.
+
+:::
+
 ---
 
 ## 🏗️ Types of Functions

docs/features/plugin/index.mdx

@@ -17,6 +17,28 @@ Getting started with Tools and Functions is easy because everything’s already
 
 ## What are "Tools" and "Functions"?
 
+---
+
+:::danger ⚠️ Critical Security Warning
+
+**Tools, Functions, Pipes, Filters, and Pipelines execute arbitrary Python code on your server.** This is by design—it's what makes them powerful. However, this also means:
+
+1. **Only install from trusted sources.** Never import Tools or Functions from unknown or untrusted sources. Malicious code can compromise your entire system.
+
+2. **Review code before importing.** Before installing any community Tool or Function, review its source code. If you don't understand what it does, don't install it.
+
+3. **Protect your data directory.** The `data` directory (mounted at `/app/backend/data` in Docker) contains your database, configurations, and cached Tools/Functions. If an attacker gains write access to this directory, they can inject malicious code that will execute on your server.
+
+4. **Restrict Workspace access.** Only trusted administrators should have permission to create, import, or modify Tools and Functions. Regular users should **not** have Workspace access unless explicitly required.
+
+5. **Audit installed plugins regularly.** Periodically review the Tools and Functions installed in your instance via **Workspace → Tools** and **Admin Panel → Functions**.
+
+**What could go wrong?** A malicious Tool or Function could exfiltrate data, install malware, mine cryptocurrency, pivot to other systems on your network, or corrupt your instance.
+
+:::
+
+---
+
 Let's start by thinking of **Open WebUI** as a "base" software that can do many tasks related to using Large Language Models (LLMs). But sometimes, you need extra features or abilities that don't come *out of the box*—this is where **tools** and **functions** come into play.
 
 ### Tools

docs/features/web-search/yandex.md

@@ -3,6 +3,12 @@ sidebar_position: 14
 title: "Yandex"
 ---
 
+:::warning
+
+This tutorial is a community contribution and is not supported by the Open WebUI team. It serves only as a demonstration on how to customize Open WebUI for your specific use case. Want to contribute? Check out the contributing tutorial.
+
+:::
+
 :::tip
 
 For a comprehensive list of all environment variables related to Web Search (including concurrency settings, result counts, and more), please refer to the [Environment Configuration documentation](../../getting-started/env-configuration#web-search).
@@ -40,4 +46,4 @@ services:
 
 *   **YANDEX_WEB_SEARCH_URL**: The endpoint for the Yandex Search API. Defaults to `https://searchapi.api.cloud.yandex.net/v2/web/search`.
 *   **YANDEX_WEB_SEARCH_API_KEY**: Your Yandex Cloud API Key.
-*   **YANDEX_WEB_SEARCH_CONFIG**: An optional JSON string to customize the search request (e.g., setting `searchType`, `region`, or other parameters supported by the Yandex Search API).
+*   **YANDEX_WEB_SEARCH_CONFIG**: An optional JSON string to customize the search request. This allows you to set any parameters supported by the Yandex Search API.

docs/getting-started/env-configuration.mdx

@@ -5859,6 +5859,24 @@ If `WEBSOCKET_REDIS_OPTIONS` is not set, `REDIS_SOCKET_CONNECT_TIMEOUT` will be
 
 :::
 
+#### `REDIS_SENTINEL_MAX_RETRY_COUNT`
+
+- Type: `int`
+- Default: `2`
+- Description: Sets the maximum number of retries for Redis operations when using Sentinel fail-over. This is a critical high-availability setting that allows the application time for master election and promotion. If your Sentinel `down-after-milliseconds` is high, you should tune this value accordingly to ensure the service survives the failover window without dropping connections.
+
+#### `REDIS_RECONNECT_DELAY`
+
+- Type: `float` (milliseconds)
+- Default: None
+- Description: Optional reconnect delay in milliseconds for Redis Sentinel retry logic, applied consistently across both synchronous and asynchronous Redis operations. This improves stability during Sentinel failover by preventing tight retry loops. When unset or invalid, retry behavior remains unchanged.
+
+#### `WEBSOCKET_REDIS_LOCK_TIMEOUT`
+
+- Type: `int`
+- Default: `60`
+- Description: Sets the timeout in seconds for Redis locks used by the websocket manager.
+
 #### `ENABLE_WEBSOCKET_SUPPORT`
 
 - Type: `bool`

docs/security.mdx

@@ -85,6 +85,50 @@ If your concern does not meet the vulnerability requirements outlined above, is
 
 Examples of non-vulnerability, still security-related concerns include suggestions for better default configuration values, security hardening recommendations, deployment best practices guidance, unclear configuration instructions, need for additional security documentation, feature requests for optional security enhancements (2FA, audit logging, etc.), and general security questions about production deployment. Please use the adequate channel for your specific issue.
 
+## Tools, Functions, and Pipelines Security
+
+Open WebUI provides powerful extensibility through **Tools**, **Functions** (including Pipes, Filters, and Actions), and **Pipelines**. These features allow you to extend Open WebUI's capabilities with custom Python code. However, this power comes with security responsibilities.
+
+:::warning
+
+**Tools, Functions, and Pipelines execute arbitrary Python code on your server.** This is intentional—it's what makes them powerful. However, this means they have the same level of access as the Open WebUI backend process itself.
+
+:::
+
+### Security Implications
+
+When you install a Tool, Function, or Pipeline, you are granting it the ability to:
+
+- **Access the file system** — read or write any files the backend process can access
+- **Make network requests** — connect to external services, potentially exfiltrating data
+- **Execute system commands** — run shell commands via subprocess
+- **Access environment variables** — read API keys, secrets, and configuration
+- **Modify the database** — access or alter stored data
+- **Consume compute resources** — run CPU-intensive operations
+
+### Best Practices
+
+| Practice | Description |
+|----------|-------------|
+| **Only install from trusted sources** | Only use Tools/Functions from the official community library or sources you trust |
+| **Review code before installing** | Read and understand what a Tool/Function does before importing it |
+| **Restrict Workspace access** | Only grant Workspace permissions to trusted administrators |
+| **Audit installed plugins** | Regularly review installed Tools (Workspace → Tools) and Functions (Admin Panel → Functions) |
+| **Protect your data directory** | The `/app/backend/data` directory contains your database and cached plugins—protect it from unauthorized access |
+| **Monitor resource usage** | Watch for unexpected CPU spikes that could indicate cryptomining or other abuse |
+| **Use official Docker images** | Only pull from `ghcr.io/open-webui/open-webui`—unofficial images may be compromised |
+
+### What Is NOT a Vulnerability
+
+The following scenarios are **not** considered vulnerabilities because they require administrator action:
+
+- An admin installing a malicious Tool or Function
+- An admin granting Workspace access to an untrusted user
+- An admin importing code from an untrusted source
+- An attacker with write access to the data volume injecting malicious plugins
+
+These scenarios represent **admin negligence** or **environment compromise**, not vulnerabilities in Open WebUI itself. See [our Security Policy](https://github.com/open-webui/open-webui/security) for details.
+
 ## Product Security Process
 
 - Internal and periodic external reviews of our architecture and pipelines

docs/tutorials/integrations/redis.md

@@ -215,6 +215,13 @@ WEBSOCKET_REDIS_OPTIONS='{"socket_connect_timeout": 5}'
 
 :::
 
+#### Retry and Reconnect Logic
+
+To enhance resilience during Sentinel failover—the window when a new master is being elected and promoted—you can configure retry behavior to prevent the application from exhausting its reconnection attempts too quickly.
+
+- **`REDIS_SENTINEL_MAX_RETRY_COUNT`**: Sets the maximum number of retries for Redis operations when using Sentinel (Default: `2`).
+- **`REDIS_RECONNECT_DELAY`**: Adds an optional delay in **milliseconds** between retry attempts (e.g., `REDIS_RECONNECT_DELAY=500`). This prevents tight retry loops that may otherwise overwhelm the event loop or block the application before a new master is ready.
+
 ### Complete Example Configuration
 
 Here's a complete example showing all Redis-related environment variables:
@@ -229,6 +236,8 @@ WEBSOCKET_REDIS_URL="redis://redis-valkey:6379/1"
 
 # Recommended for Sentinel deployments (prevents failover hangs)
 REDIS_SOCKET_CONNECT_TIMEOUT=5
+REDIS_SENTINEL_MAX_RETRY_COUNT=5
+REDIS_RECONNECT_DELAY=1000
 
 # Optional
 REDIS_KEY_PREFIX="open-webui"

docs/tutorials/tips/sqlite-database.md

@@ -79,9 +79,10 @@ Here is a complete list of tables in Open-WebUI's SQLite database. The tables ar
 | 23      | note             | Stores user-created notes and annotations                    |
 | 24      | oauth_session    | Manages active OAuth sessions for users                      |
 | 25      | prompt           | Stores templates and configurations for AI prompts           |
-| 26      | tag              | Manages tags/labels for content categorization               |
-| 27      | tool             | Stores configurations for system tools and integrations      |
-| 28      | user             | Maintains user profiles and account information              |
+| 26      | prompt_history   | Tracks version history and snapshots for prompts             |
+| 27      | tag              | Manages tags/labels for content categorization               |
+| 28      | tool             | Stores configurations for system tools and integrations      |
+| 29      | user             | Maintains user profiles and account information              |
 
 Note: there are two additional tables in Open-WebUI's SQLite database that are not related to Open-WebUI's core functionality, that have been excluded:
 
@@ -446,14 +447,33 @@ The `access_control` fields expected structure:
 
 ## Prompt Table
 
-| **Column Name** | **Data Type** | **Constraints** | **Description**           |
-| --------------- | ------------- | --------------- | ------------------------- |
-| command         | String        | PRIMARY KEY     | Unique command identifier |
-| user_id         | String        | -               | Prompt owner              |
-| title           | Text          | -               | Prompt title              |
-| content         | Text          | -               | Prompt content/template   |
-| timestamp       | BigInteger    | -               | Last update timestamp     |
-| access_control  | JSON          | nullable        | Access permissions        |
+| **Column Name** | **Data Type** | **Constraints** | **Description**                     |
+| --------------- | ------------- | --------------- | ----------------------------------- |
+| id              | Text          | PRIMARY KEY     | Unique identifier (UUID)            |
+| command         | String        | UNIQUE, INDEX   | Unique command identifier           |
+| user_id         | String        | NOT NULL        | Owner of the prompt                 |
+| name            | Text          | NOT NULL        | Display name of the prompt          |
+| content         | Text          | NOT NULL        | Prompt content/template             |
+| data            | JSON          | nullable        | Additional prompt data              |
+| meta            | JSON          | nullable        | Prompt metadata                     |
+| access_control  | JSON          | nullable        | Permission settings                 |
+| is_active       | Boolean       | default=True    | Active status                       |
+| version_id      | Text          | nullable        | Current version identifier          |
+| tags            | JSON          | nullable        | Associated tags                     |
+| created_at      | BigInteger    | NOT NULL        | Creation timestamp                  |
+| updated_at      | BigInteger    | NOT NULL        | Last update timestamp               |
+
+## Prompt History Table
+
+| **Column Name** | **Data Type** | **Constraints**                | **Description**                   |
+| --------------- | ------------- | ------------------------------ | --------------------------------- |
+| id              | Text          | PRIMARY KEY                    | Unique identifier (UUID)          |
+| prompt_id       | Text          | FOREIGN KEY(prompt.id), INDEX  | Reference to the prompt           |
+| parent_id       | Text          | nullable                       | Reference to the parent version   |
+| snapshot        | JSON          | NOT NULL                       | Snapshot of the prompt at version |
+| user_id         | Text          | NOT NULL                       | User who created the version      |
+| commit_message  | Text          | nullable                       | Version commit message            |
+| created_at      | BigInteger    | NOT NULL                       | Creation timestamp                |
 
 ## Tag Table
 
@@ -524,6 +544,8 @@ erDiagram
     user ||--o{ memory : "owns"
     user ||--o{ model : "manages"
     user ||--o{ prompt : "creates"
+    user ||--o{ prompt_history : "creates"
+    prompt ||--o{ prompt_history : "has"
     user ||--o{ tag : "creates"
     user ||--o{ tool : "manages"
     user ||--o{ note : "owns"
@@ -698,11 +720,26 @@ erDiagram
     }
 
     prompt {
-        string command PK
+        text id PK
+        string command
         string user_id FK
-        text title
+        text name
         text content
+        json data
+        json meta
         json access_control
+        boolean is_active
+        text version_id
+        json tags
+    }
+
+    prompt_history {
+        text id PK
+        text prompt_id FK
+        text parent_id FK
+        json snapshot
+        text user_id FK
+        text commit_message
     }
 
     tag {